How can we help?


“Systematic Failings” on Data Protection leads to a £15,000 fine

Following on from the case reported last month on data protection (”Failing to anonymise – the cost”), a nursing home in Northern Ireland has received a fine of £15,000 from the Information Commissioner’s Office (“ICO”), following the burglary of the home of one of its staff members.

During the burglary, an unencrypted work laptop was stolen. The laptop contained sensitive personal data, including medical information, on the nursing home’s 29 residents (including “do not resuscitate” orders) and personal data on the 46 members of staff.

The ICO’s subsequent investigation found the nursing home had no policies in place regarding the use of encryption, working from home and the storage of mobile devices. Data security training was also found to be lacking. In issuing the fine, the ICO said there had been “systematic failings” at the nursing home.

The fine was issued despite the nursing home referring themselves to the ICO, no complaints being made by any of the staff or residents’ families and no confirmation that the information had been further disseminated. In determining the level of the fine, the nursing home received some credit for having self-reported its breach to the ICO.

The ICO’s subsequent investigation found the nursing home had no policies in place regarding the use of encryption, working from home and the storage of mobile devices.

The amount of the fine reflected the size of the business, with the ICO stating that a bigger organisation experiencing a similarly serious breach should expect to receive a much larger fine. The case therefore acts as a timely reminder that all businesses must take their legal duties to look after personal data seriously and should ensure adequate policies, procedures and equipment are in place.  Simply having a work laptop password protected will not fulfil this duty.

For useful data protection factsheets, checklists and templates, please visit 

For further advice on how to protect your business against data protection and privacy claims, please contact our employment lawyers on 

About this article


This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

About this article

Read, listen and watch our latest insights

  • 03 October 2023
  • Construction

Proposed Reforms To The Arbitration Act 1996

The Law Commission has published its Final Report (the Report) on proposed reforms to the Arbitration Act 1996 (the Act).

  • 27 September 2023
  • Employment

10 top tips for negotiating a redundancy settlement agreement

In today’s financial market, redundancies are unfortunately becoming a reality for many businesses and employees.

  • 22 September 2023
  • Employment

Talking Employment Law: New family friendly rights

In this first podcast in the ‘Talking Employment Law’ series, Lucy Densham Brown and Rebecca Dowle, members of the employment team summarise some of the big new family-friendly Bills that are working their way through parliament.

  • 21 September 2023
  • Immigration

Immigration Fees Surcharge – 04 October 2023

The Government has published details of the previously announced increase to visa and sponsorship fees, with the aim of increasing revenue across a range of immigration and nationality visa pathways and associated services.

  • 20 September 2023
  • Commercial Real Estate

Is your property mixed use? Commercial buyers beware of higher residential SDLT

This article discusses a recent case in which a property buyer calculated the Stamp Duty Land Tax due on the purchase at a lower rate, due to the mixed-use purpose of the property.

  • 19 September 2023
  • Privacy and Data Protection

Organisations’ use of social media: Data protection

Social media applications (or commonly known as ‘apps’) are being developed all the time and we are constantly being introduced to new social media platforms, some of which take almost no time to gain huge popularity.